I noticed an odd scenario pop up in my CRM dev environment.
We have Dynamics CRM 2015 On Premises and we are in our development phase. When I went into CRM Deployment Manager and created a new organization for the purpose of disaster recovery testing (call it org1), I received a warning during setup that stated that data encryption would be active after the install, and that it was recommended that I copy the encryption key and keep it in a safe place. As seen below:
Upon logging into org1 through the web interface, I went to Settings -> Data Management -> Data Encryption. It showed that encryption was active and it gave me an encryption key which I copied into a notepad text file. The encryption key appeared to be a very strange font and may have included Chinese language characters, which took me aback a little bit, but I was still able to copy it to clipboard and put it in notepad.
At this point, I am ready to start testing disaster recovery from backup. First, I entered a single Account into this new organization and filled in three fields (Account Name, Phone Number, Fax Number). This was to serve as my sample data. I then signed out of CRM. I then went into SQL Server 2014 Management Studio. Org1's database is listed as org1_mscrm in SQL Server. I made a backup of this database. I then used SQL Server Management Studio to restore the backup of org1_mscrm to a new database, called org2_mscrm.
I returned to CRM Deployment manager and import org2. This completes successfully. At this point, I do the configurations needed in DNS and ADFS to access org2 and then I login successfully.
I then go to Settings -> Data Management -> Data Encryption, and I see this, much to my surprise:
Data Encryption Inactive
Something seems wrong with this. I was under the impression that if I restored a database from a backup, that I would be required to enter the encryption key, without which I would be unable to access my data. I tested this and I was able to see the Account I added earlier and both phone numbers that I entered.
I have two concerns.
1) My data may come in unencrypted in a disaster recovery situation, which is less secure than I'd like.
2) My understanding is that upon restore, I should be required to enter the encryption key in order to read my data. It didn't work out that way under testing. I fear some odd, obscure, uniquely Microsoft sort of situation where encryption actually is active even though it says it isn't, and then when the day comes that I restore my database from a backup and I don't have the encryption key for some reason, our data is gone. FWIW, this is hypothetical. I'm never going to allow the encryption key for our production environment to NOT be recorded somewhere in case it's needed, but it bothers me greatly that I don't understand what is going on here.
Can anyone explain what is happening here?
